Monday, June 10, 2013

7 Practical Ways to Avoid a HIPAA Breach

Because I am a certified medical reimbursement specialist, I must do 15 CEU hours every year in order to maintain my certification with AMBA. Some of the CEUs that I am doing are on the subject of HIPAA compliance and how serious it is to maintain it. In the webinar by Liles and Parker Law Offices, there were a number of warnings that I had not even thought about. Maybe you haven't, either. I would like to pass along some insights that I learned.


One warning that was given is to have a compliance plan in place and make sure that you and your staff follow it. Because budget cuts have left gaps in state and federal programs, regulators are looking for an income source to fill those gaps. Breaches are easier to commit than before and may be treated as fraud, so we all must be careful!

Whistle-blowing is encouraged and is being paid handsomely out of the huge fines that are being meted out for non-compliance. This headline from today's AMBA post says:

2012 was a record year for qui tam (whistle-blower) suits: $2.5 billion of the $3 billion total in fraud recoveries.

That is a lot of money!

As technology advances, it makes our lives easier in many ways, but it also poses problems for the security of personal information that must be protected. It is much easier to commit a breach, sometimes unknowingly. One of the biggest areas of concern under HIPAA is the protection of personal medical data.


Here are a few practical tips that I learned from the webinar.

1. Don't store patient information on laptops. They are easily stolen, and a lot of information can be compromised at once. If you must put information on a laptop, protect it with a password and full-disk encryption; a login password by itself does not protect the data, because the drive can be removed and read in another machine. Even if the laptop is not stolen and you are very careful, you can still be considered non-compliant and charged with huge fines if an information leak is traced back to your computer.

2. Do not use flash drives unless they are encrypted, so that a lost drive exposes nothing readable. Even then, they are easily lost, slipped into a pocket or briefcase, and the information is gone!

3. Do not let a shredding company shred your documents unless you are present to make sure they are shredded properly and not just tossed into a landfill, thereby unintentionally allowing access to the information. Your office can be fined for the actions of a careless third party. A vendor that handles records containing patient information is a business associate under HIPAA, so have a signed business associate agreement in place and keep the certificate of destruction they provide.

4. Cellphone use in the office should be limited. With a camera on every phone, a record can be photographed and sent over the web in a matter of seconds. Be careful who has access to your records, and make sure the person is trustworthy. You cannot be too careful with information.

5. Have a plan in place for social networking (Facebook, LinkedIn, etc.). Although they are wonderful communication and advertising tools, here is some advice concerning them:

    a. Never friend patients on Facebook. That is a breach of their privacy and of patient-doctor confidentiality.
    b. Don't let patients "like" you on Facebook.
    c. Never talk about your patients on social networking sites.

6. Copy machines have hard drives in them that store the documents that are scanned or copied. Turn off the settings that save scanned documents (or turn on the machine's overwrite feature if it has one), and make sure the drive is wiped or removed before the copier is returned at the end of a lease, sold, or discarded.

7. Completely erase old phones and then destroy them. Do not recycle them. Deleted data can often be recovered from a phone, and if the phone is traced back to you, your messages, although deleted, may be used in a breach case. The safest course is to physically destroy the phone so that there is no way the information can be restored or retrieved.

There is so much more that could be shared on this subject; this is only the tip of the iceberg. We as healthcare workers have to be diligent in protecting information. The more you educate yourself, the better your chances are of staying away from non-compliance problems.

Protect yourself from a fine or lawsuit. Be informed. Know the laws and comply.

Thanks for reading.
Donna McHugh, CMRS
